Check that connection limit is within valid range. IOW, not < -1.

It's missing in older versions too, but it doesn't seem worth back-porting. All negative are just harmlessly treated as "no limit", and tightening the check might even brake an application that relies on it.
2025-06-27 23:21:58 +03:00 · 2009-01-30 17:24:47 +00:00
parent cb629f7225
commit 4265ed9f4e
2 changed files with 26 additions and 2 deletions
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.185 2009/01/22 20:16:02 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.186 2009/01/30 17:24:47 heikki Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -242,7 +242,13 @@ CreateRole(CreateRoleStmt *stmt)
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg) != 0;
 	if (dconnlimit)
+	{
 		connlimit = intVal(dconnlimit->arg);
+		if (connlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", connlimit)));
+	}
 	if (daddroleto)
 		addroleto = (List *) daddroleto->arg;
 	if (drolemembers)
@ -533,7 +539,13 @@ AlterRole(AlterRoleStmt *stmt)
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg);
 	if (dconnlimit)
+	{
 		connlimit = intVal(dconnlimit->arg);
+		if (connlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", connlimit)));
+	}
 	if (drolemembers)
 		rolemembers = (List *) drolemembers->arg;
 	if (dvalidUntil)